Help with ZeroAccess inserted into TCP/IP stack

Discussion in 'Malware Help (A Specialist Will Reply)' started by rysktkr, Jul 3, 2012.

  1. rysktkr

    rysktkr Private E-2

    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.4
    [removed]
     
    Last edited by a moderator: Jul 4, 2012
  2. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, rysktkr :)

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and then attach the requested logs to your next reply when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    * Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated - our system works the oldest threads FIRST.
     
  3. rysktkr

    rysktkr Private E-2

    Here are the log files.
     

    Attached Files:

  4. thisisu

    thisisu Malware Consultant

    Open RogueKiller again.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    After scanning has completed, press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[3].txt
    Attach RKreport[3].txt to your next message. (How to attach)

    __

    From Programs and Features (via Control Panel), please uninstall the below:
    • Java(TM) 7 Update 1
    • Java(TM) SE Development Kit 7 Update 1

    __

    Please download Disable/Remove Windows Messenger to your desktop.
    • Double-click MessengerDisable.exe to run it.
    • Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
    • Click Apply
    • Click Exit

    __

    I want you to read and follow these instructions: TDSSKiller - How to run

    __

    Please download OTL by OldTimer.

    • Save it to your desktop.
    • Right mouse click on the OTL icon on your desktop and select Run as Administrator
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
      Code:
      activex
      netsvcs
      
    • Now click the Run Scan button.
    • Two reports will be created:
      • OTL.txt <-- Will be opened
      • Extras.txt <-- Will be minimized
    • Attach only OTL.txt to your next message. (How to attach)
     
  5. rysktkr

    rysktkr Private E-2

    Everything completed successfully.
     

    Attached Files:

  6. thisisu

    thisisu Malware Consultant

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
    Code:
    :otl
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\ntsdexts32.exe -- (StorageCraft Image Manager32)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (ViaIde)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (ultra)
    DRV - File not found [Kernel | System | Unknown] -- C:\windows\system32\drivers\ulqieexonuftkbpc.sys -- (ulqieexonuftkbpc)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (TosIde)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (symc8xx)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (symc810)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (sym_u3)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (sym_hi)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (Sparrow)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (Simbad)
    DRV - File not found [Kernel | System | Unknown] -- C:\windows\system32\drivers\rxyciorjinidwpsp.sys -- (rxyciorjinidwpsp)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (ql1280)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (ql1240)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (ql12160)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (Ql10wnt)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (ql1080)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (perc2hib)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (perc2)
    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (mraid35x)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (IntelIde)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (ini910u)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (i2omp)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (hpn)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (dpti2o)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (dac960nt)
    DRV - File not found [Kernel | Disabled | Unknown] --  -- (dac2w2k)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (Cpqarray)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (CmdIde)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (cd20xrnt)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (Atdisk)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (asc3550)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (asc3350p)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (asc)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (amsint)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (AliIde)
    DRV - File not found [Kernel | On_Demand | Unknown] --  -- (ak7r7aoj)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (aic78xx)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (aic78u2)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (Aha154x)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (adpu160m)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (abp480n5)
    DRV - File not found [Kernel | Disabled | Stopped] --  -- (Abiosdsk)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\PowerDVD8\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41  [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41  [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41  [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41  [binary data]
    IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=PF&o=15176&src=crm&q={searchTerms}&locale=en_US
    IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{1C0D0694-1180-4AA3-936F-B1D37BA255BB}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{A57EADD3-0DCF-4BE1-B740-FE830E3DBC88}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q="
    [2012/05/30 09:49:29 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/06/01 08:42:10 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\DTToolbar@toolbarnet.com
    [2010/09/21 11:24:44 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\searchtoolbar@zugo.com
    [2009/12/26 11:08:58 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\searchplugins\askcom.xml
    [2011/08/07 16:56:33 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\searchplugins\daemon-search.xml
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} http://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab (SlingHealth Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.115/WebSlingPlayer.cab (WebSlingPlayer)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} http://mypc:2000/activex/RACtrl.cab (Performance Viewer Activex Control)
    [1 C:\windows\$NtUninstallKB44723$\1760806464\*.tmp files -> C:\windows\$NtUninstallKB44723$\1760806464\*.tmp -> ]
    [2012/07/02 20:12:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At1.job
    [2012/06/29 15:20:05 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\10cy7byw.exe
    [2012/06/28 11:26:15 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\my_scr.exe
    [2012/06/25 08:07:08 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\4hb646j5.exe
    [2012/06/25 07:30:29 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-l0gdw4nUSn3xA4r
    [2012/06/25 07:30:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-l0gdw4nUSn3xA4
    [2012/06/20 17:04:08 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-kpI0dn6tFIoruYr
    [2012/06/20 17:04:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-kpI0dn6tFIoruY
    [2011/12/19 01:06:41 | 000,002,048 | ---- | C] () -- C:\windows\$NtUninstallKB44723$\1760806464\U\00000001.@
    [2011/12/16 03:17:20 | 000,098,304 | ---- | C] () -- C:\windows\$NtUninstallKB44723$\1760806464\U\80000032.@
    [2011/12/08 07:55:12 | 000,000,000 | ---- | C] () -- C:\windows\System32\kG5MuXD4.com.b
    [2011/12/08 07:12:30 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Qx8JA8PBv.dat
    [2011/12/07 18:29:10 | 000,002,048 | ---- | C] () -- C:\windows\$NtUninstallKB44723$\1760806464\@
    [2011/12/07 18:28:50 | 000,012,708 | -HS- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\f7n6beithc3553o8ae7ie4l1neo
    [2011/12/07 18:28:50 | 000,012,708 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f7n6beithc3553o8ae7ie4l1neo
    [2011/12/02 05:07:49 | 000,224,768 | ---- | C] () -- C:\windows\$NtUninstallKB44723$\1760806464\U\00000002.@
    [2011/11/29 06:10:08 | 000,012,800 | ---- | C] () -- C:\windows\$NtUninstallKB44723$\1760806464\U\80000004.@
    [2011/11/02 10:48:14 | 000,001,024 | ---- | C] () -- C:\windows\$NtUninstallKB44723$\1760806464\U\00000004.@
    [2011/09/23 09:33:05 | 000,001,024 | ---- | C] () -- C:\windows\$NtUninstallKB44723$\1760806464\U\80000000.@
    [2011/06/25 15:37:24 | 000,012,910 | -HS- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\22500634ug8u87c8e64k6l3sf3v
    [2011/06/19 14:42:35 | 000,003,651 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    @Alternate Data Stream - 368 bytes -> C:\Documents and Settings\Mark\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
    :files
    dir /s C:\WINDOWS\system32\3081 /c
    c:\documents and settings\mark\local settings\application data\{f53b4e5d-be5e-dbd5-89b7-192bca81046d}
    c:\windows\installer\{f53b4e5d-be5e-dbd5-89b7-192bca81046d}
    C:\Documents and Settings\Mark\Local Settings\temp\GiantSavings.exe
    rd /s/q C:\windows\$NtUninstallKB44723$ /c
    C:\windows\$NtUninstallKB44723$
    type "C:\Documents and Settings\Mark\Desktop\RKreport[4].txt" /c
    type "C:\Documents and Settings\Mark\Desktop\RKreport[5].txt" /c
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A57EADD3-0DCF-4BE1-B740-FE830E3DBC88}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CB30F4C5-1E61-4556-82D2-168822A44962}]
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    :commands
    [clearallrestorepoints]
    [emptytemp]
    [resethosts]
    
    Now click the Run Fix button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)

    __

    Now run C:\MGtools\GetLogs.bat by double-clicking it.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

    __

    Let me know how the system is running after you have completed these steps.
     
    Last edited: Jul 5, 2012
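The fix script above lists the artifact patterns that give this infection away in an OTL report: "@"-named files inside a numeric subfolder of a fake $NtUninstallKB folder, kernel drivers with long random lowercase names, and a hashed alternate data stream hung off desktop.ini. The following detector is an added example (not the helper's fix and not part of any tool in this thread) that scans constructed OTL-style lines for those three patterns; the regexes and the 14-letter driver-name threshold are my own heuristics.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in OTL report format. The first five reuse paths
# from the fix script in this thread; the last two are benign controls
# (one constructed driver path) that the scanner must leave alone.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | System | Unknown] -- C:\windows\system32\drivers\ulqieexonuftkbpc.sys -- (ulqieexonuftkbpc)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ViaIde)
[2011/12/19 01:06:41 | 000,002,048 | ---- | C] () -- C:\windows\$NtUninstallKB44723$\1760806464\U\00000001.@
[2011/12/07 18:29:10 | 000,002,048 | ---- | C] () -- C:\windows\$NtUninstallKB44723$\1760806464\@
@Alternate Data Stream - 368 bytes -> C:\Documents and Settings\Mark\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
[2011/06/19 14:42:35 | 000,003,651 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
DRV - File not found [Kernel | Auto | Stopped] -- C:\windows\system32\drivers\intelide.sys -- (IntelIde)
"""

@dataclass
class Finding:
    rule: str
    path: str

# Line shapes used by OTL: driver entries, file entries and ADS entries.
DRV_RE = re.compile(r"^DRV - .*? -- (?P<path>[A-Za-z]:\\.+?) -- \((?P<name>[^)]+)\)\s*$")
FILE_RE = re.compile(r"^\[.*?\] \(.*?\) -- (?P<path>.+?)\s*$")
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+):(?P<stream>[0-9a-f]{32})\s*$")

# A genuine hotfix uninstall folder holds an spuninst subfolder. A numeric
# subfolder (optionally with U\) holding files named "...@" is the layout
# the fix script above removes, so that is what we key on.
FAKE_KB_RE = re.compile(r"\$NtUninstallKB\d+\$\\\d+\\(?:U\\)?[^\\]*@$")
# Heuristic (my threshold): 14 or more lowercase letters and no digits
# matches the random driver names in the script; legitimate drivers rarely do.
RANDOM_SYS_RE = re.compile(r"^[a-z]{14,}\.sys$")

def basename(path):
    return path.rsplit("\\", 1)[-1]

def scan_otl_lines(lines):
    """Return a Finding for every line matching one of the three patterns."""
    findings = []
    for line in lines:
        line = line.strip()
        m = DRV_RE.match(line)
        if m:
            if RANDOM_SYS_RE.match(basename(m["path"]).lower()):
                findings.append(Finding("random-named kernel driver", m["path"]))
            continue
        m = ADS_RE.match(line)
        if m:
            # An MD5-looking stream name on desktop.ini is the ADS seen above.
            if basename(m["path"]).lower() == "desktop.ini":
                findings.append(Finding("hashed ADS on desktop.ini", m["path"] + ":" + m["stream"]))
            continue
        m = FILE_RE.match(line)
        if m and FAKE_KB_RE.search(m["path"]):
            findings.append(Finding("fake $NtUninstall payload", m["path"]))
    return findings

if __name__ == "__main__":
    for f in scan_otl_lines(SAMPLE_LOG.splitlines()):
        print(f"{f.rule}: {f.path}")
```

On a real report, feed the scanner the lines of OTL.txt; anything it flags is a candidate for the kind of :files and :otl entries shown in the fix, not an automatic deletion.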
  7. rysktkr

    rysktkr Private E-2

    Everything ran successfully.
     

    Attached Files:

  8. rysktkr

    rysktkr Private E-2

    Forgot to answer your question. System performance is the same as when infected with ZA. System performance was not an issue when infected with ZA. My biggest concern is data security as I do a lot of financial stuff on this PC (Quicken, credit card purchases, etc.).
     
  9. thisisu

    thisisu Malware Consultant

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
    Code:
    :files
    C:\Documents and Settings\Mark\Local Settings\Application Data\Conduit
    C:\Documents and Settings\Mark\Local Settings\Application Data\e47O
    C:\Documents and Settings\Mark\Local Settings\Application Data\vlsxogcjn
    C:\Documents and Settings\Mark\Templates\22500634ug8u87c8e64k6l3sf3v
    C:\Documents and Settings\Mark\Templates\f7n6beithc3553o8ae7ie4l1neo
    C:\Documents and Settings\Mark\Desktop\q46sz5iq.exe
    
    Now click the Run Fix button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)

    __

    Now run C:\MGtools\GetLogs.bat by double-clicking it.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     
  10. thisisu

    thisisu Malware Consultant

    Regarding the financial security aspects of your computer: nothing is really 100%. I would recommend changing the passwords of your financial logins and just keep an eye out for suspicious activity.
     
  11. rysktkr

    rysktkr Private E-2

    Here they are.
     

    Attached Files:

  12. rysktkr

    rysktkr Private E-2

    This ZA infection coincided with my other computers on my network getting infected. I think it may have propagated over the network from this PC. What is the best way to remove infections on the other PCs? I'm worried that we clean this PC and it ends up getting re-infected from one of the infected PCs on the network.
     
  13. thisisu

    thisisu Malware Consultant

    Quickest and easiest would be to reformat and reload Windows. However if you have important data on those computers, then you should go through the Read and Run Me First thread again.
     
  14. rysktkr

    rysktkr Private E-2

    Next steps?
     
  15. thisisu

    thisisu Malware Consultant

    If you are not having any other malware related problems, it is time to do our final steps:
    • Any programs we had you download and/or install can be removed at this time.
    • If we had you download and run ComboFix, here is how to uninstall it:
      • Press and hold the Windows key and then press the letter R on your keyboard.
      • This opens the Run dialog box.
      • Copy and paste the below text inside the text-field:
        • "%userprofile%\desktop\ComboFix" /uninstall
      • Now press ENTER
      • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
    • You can re-enable your Disk Emulation software at this time via DeFogger.
    • If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
    • Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
    • Now we will toggle System Restore to remove any infected system restore points.
    • Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
    • Be safe :)
     
  16. rysktkr

    rysktkr Private E-2

    How confident are you ZeroAccess is gone?
     
  17. thisisu

    thisisu Malware Consultant

    Your logs look clean to me. Are you still experiencing symptoms of infection?
     
  18. rysktkr

    rysktkr Private E-2

    System really didn't exhibit any performance issues even when infected with ZA. MBAM, ESET, and SEP were not able to detect it. So just a little worried about data security. Roguekiller was able to detect it. Maybe I will run that again for peace of mind.
     
  19. thisisu

    thisisu Malware Consultant

    Ok.
    Be safe :)
     
  20. rysktkr

    rysktkr Private E-2

    thisisu,

    thanks for all your help!
     
  21. thisisu

    thisisu Malware Consultant

    No problem :)
     
  22. rysktkr

    rysktkr Private E-2

    Shoot! Thought we were done here. My computer no longer boots to windows. It boots to BIOS and then shows Windows XP splash screen then back to BIOS in an endless cycle. I can't even take logs at this point :(. Please help.
     
  23. thisisu

    thisisu Malware Consultant

    You will need to create a new thread in Software forum describing your latest PC issues.

    Good luck to you.
     
